[jgardou] 64619: [NTOS/SE] - Correctly reference/dereference token object when the set token is already in use. - Ros-diffs

8 Oct 2014

Author: jgardou
Date: Wed Oct  8 19:50:14 2014
New Revision: 64619
URL: http://svn.reactos.org/svn/reactos?rev=64619&view=rev
Log:
[NTOS/SE]
 - Correctly reference/dereference token object when the set token is already in use.
Modified:
    trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/se/token.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=646...
==============================================================================

--- trunk/reactos/ntoskrnl/se/token.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c	[iso-8859-1] Wed Oct  8 19:50:14 2014
@@ -243,19 +243,28 @@
         if (OldToken == NewToken)
         {
             /* So it's a nop. */
-            PsDereferencePrimaryToken(OldToken);
+            *OldTokenP = OldToken;
             return STATUS_SUCCESS;
         }
Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
         if (!NT_SUCCESS(Status))
         {
+            *OldTokenP = NULL;
             PsDereferencePrimaryToken(OldToken);
             return Status;
         }
-        PsDereferencePrimaryToken(OldToken);
-        return IsEqual ? STATUS_SUCCESS : STATUS_TOKEN_ALREADY_IN_USE;
+        if (!IsEqual)
+        {
+            *OldTokenP = NULL;
+            PsDereferencePrimaryToken(OldToken);
+            return STATUS_TOKEN_ALREADY_IN_USE;
+        }
+        /* Silently return STATUS_SUCCESS but do not set the new token,
+         * as it's already in use elsewhere. */
+        *OldTokenP = OldToken;
+        return STATUS_SUCCESS;
     }
/* Mark new token in use */

    